search for: iptables

Hi, I have a problem with asterisks on Linux. Looks like it is a iptables problem. My external client (eyebeam, on a different computer) cannot register to the asterisk server, but the asterisk server itself *looks* working. If I dial one of the incoming phone numbers for the server, I can see the call arriving in Asterisk (using asterisk -r). I tried nmap on my serve...

https://bugzilla.netfilter.org/show_bug.cgi?id=821 Summary: Rosa Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: andoandre at gmail.com Estim...

Hi community, i have a samba server that work's great, but my friends of IT security said that is vulnerable without a firewall,  i try to set an iptables firewall using the official documentation but is not working (obviously), this ti my config: #!/bin/sh echo n Aplicando Reglas de Firewall... ## FLUSH de reglas iptables -F iptables -X iptables -Z iptables -t nat -F ## Establecemos politica por defecto iptables -P INPUT DROP iptables -P OUTPUT A...

...ment is getting very slow - logon process is 3 times longer then on system with disabled firewall service. Below I pasted my firewall configuration - I based on samba tutorial and aexples and official microsoft web page with needed ports: Have you similar problems after firewall implementations ? iptables -F iptables -X iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts /bin/echo "0" > /proc/sys/net/ipv4/conf/all/acc...

Dear Members I hope you are all doing well. I am busy teaching myself iptables and was wondering if I may get some advise. The scenario is the following: 1. Default policy is to block all traffic 2. Allow web traffic and SSH 3. Allow other applications I have come up with the following: #!/bin/bash # RESET CURRENT RULE BASE iptables -F service iptables save #...

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not

...re than 1 ip.. is it possible to do it? some of them must be an open ip.. i mean.. all ports opened is it possible? how should i do it? Here is my nat.sh script just in case someone wants it.. (comments r in spanish.. and not right) Thanks in advance, #!/bin/sh echo "AthoS LaN Generando iptables..." > /dev/tty12 #limpiamos las tablas de iptables iptables -F iptables -t nat -F iptables -t filter -F #eth1 sera la interfaz de internet iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE #eth0 la interfaz de la red local iptables --append FORWARD --in-inter...

It's a shell script #!/bin/bash IPTABLES="/sbin/iptables" # Load required modules /sbin/insmod ip_tables /sbin/insmod ip_conntrack /sbin/insmod iptable_nat /sbin/insmod ipt_MASQUERADE # Then flush all rules /sbin/iptables -F /sbin/iptables -t nat -F /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT ACCEPT /sbin/iptables...

...cript is as below. and also in the latter two conditions IRIS doesnt caputre this packet shown above here is the firewall ------------------------------------------------------------------------------------------------------------------------------------- echo 1 > /proc/sys/net/ipv4/ip_forward iptables -F iptables -t nat -F modprobe ip_nat_ftp iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 42 -j ACCEPT iptables -A INPUT -i...

...e=Load%20Balancing%20Across%20Multiple%20Links I have made some modifications, but in second part of this mail are some errors: __________________________________________________________________ First the script: __________________________________________________________________ #!/bin/bash # iptables userspace executable iptables="/usr/local/sbin/iptables" # Internal Interface NET_INT_INT=eth0 # Internal IP NET_INT_IP=192.168.20.1 # Internal Subnet NET_INT_SUB=24 # Internal Network NET_INT_NET=192.168.20.0 # First external interface NET_EXT_INT1=eth1 # First external...

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I can get...

I know that I have asked this before of the list. However we just changed ISP and ip's and I'm having this issue again. I have a linux firewall using iptables with the following config eth0 = WAN 1 eth1 = LAN 1 eth2 = WAN 2 I'm trying to forward all traffic that makes a request from eth2 to an internal IP on eth1. These are the folloing rules that I have set up. iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 80 -j DNAT --to-d...

...script then it works well. what can be the connection of transparent redirection with samba please help me out. i m in a grate trouble. the detailed problem is below Regards Azeem >From: "azeem ahmad" <azeem484@hotmail.com> >To: samba@lists.samba.org >Subject: [Samba] iptables and samba >Date: Thu, 27 May 2004 21:02:44 +0000 > >hi >i m using the script below >------------------------------------------------------------------------------------------------------------------------------------- >iptables -F >iptables -t nat -F >iptables -P INPUT DROP...

Hello Leon. In addition to everything else mentioned in this thread, I'd recommend you a great book on the topic. "Attack Detection and Response with iptables, psad, and fwsnort by Michael Rash" It contains a really nice and detailed guide on iptables and most common attacks, nmap, psad and snort. Regarding your config, I'd like to point several things: 1. You're not dropping packets in status 'INVALID' on top of your script, which...

...l. So it will have one external, WAN facing nic that needs all incoming ports except UDP 5060 and 10000 -> 60000 blocked for all but two ips. The internal, LAN facing NIC will need all ports except voip/dns/http blocked to it, and need to provide masquerading. I have limited experience with iptables and would love some guidelines. Any pointers would be greatly appreciated! Thanks, jlc -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20080522/7bda745b/attachment-0005.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=860 Summary: Bizarre "cannot use" error inconsistent with command line Product: iptables Version: 1.4.x Platform: arm OS/Version: other Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: eric.bock.1980 at gmail.com Estimated...

...ted that rules with the highest chance to match should be in the beginning of the tables. Therefore, I added them the top with the assumption that one would like to drop non-standard packets as early as possible. @Paul. I totally agree with you. My main objective is to master concepts related to iptables. I never had to deal with iptables in the past, however the landscape I find myself in, is changing and I realised the need to develop the skill set. @ll at avc.su. I was able to track down the book you have mentioned and downloaded a copy. Thank you once again to all. I have learned a lot fro...

Hello, I want to test Shorewall''s IPsec feature. It requires patched netfilter (and kernel but that''s another story). I didn''t want to replace my distribution''s iptables package with my own compilation so I installed it to another prefix. Now Shoreall uses the iptables command found first in $PATH. I don''t think this is the most elegant way. I think the command should be configurable in shorewall.conf. So I patched my shorewall installation with this r...

?????? 23 ???? 2016 05:56,? "Mike" <1100100 at gmail.com> ???: > > > After using iptables for a long time, I can't figure out where this syntax > comes from. > Can anyone point me in the right direction to understand the proper syntax > necessary in /etc/sysconfig/iptables? > The syntax comes from the output of the 'iptables-save' command. You can configure '...

...both ppp connections to use unit option. default gateway for internet is B. got DNS server set up on the router to serve my local (LAN) zone and to forward requests to A''s DNS servers because B''s often fail to resolve and take much time to refresh their zones. right now i got iptables NAT set up to masquerade my LAN via B. provider B forces me to use their cache servers (www, ftp) which is very nasty as they aren''t show my IP. i want one of my local machines 192.168.0.16/26 to be masqueraded through A, while 4 others DHCP assigned PCs would use B. also i''d...